Re: strange connection attempts

From: Crist J. Clark (crist.clark@attbi.com)
Date: 04/14/03

  • Next message: Mike Silbersack: "Re: (OT) rfc1948 question"
    Date: Mon, 14 Apr 2003 13:03:25 -0700
    From: "Crist J. Clark" <crist.clark@attbi.com>
    To: GiZmen <gizmen@pals.one.pl>
    
    

    On Mon, Apr 14, 2003 at 09:44:31PM +0200, GiZmen wrote:
    [snip]

    > my address is "xxx" and 192.43..... is an expamle address of dns server.
    >
    > I know that dns use an udp protocol but is it normal to have these connection
    > attempts??

    Someone else already explained this. It comes down to: the timeout of
    your DNS application is shorter than the timeout on the firewall. Your
    DNS application sends out a query and waits... and gives up. When it
    give up, it closes the socket. However, the DNS server Out There
    manages to still return a response some time later. Your firewall has
    not timed out the UDP "connection" yet, so the response come
    through. But there is no listening socket anymore, so it gets
    logged_in_vain.

    -- 
    Crist J. Clark                     |     cjclark@alum.mit.edu
                                       |     cjclark@jhu.edu
    http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Mike Silbersack: "Re: (OT) rfc1948 question"